Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade Gateway API to v1.1.0 #1975

Merged
merged 3 commits into from
May 16, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,7 @@ jobs:
make create-kind-cluster KIND_KUBE_CONFIG=${kube_config}
echo "KUBECONFIG=${kube_config}" >> "$GITHUB_ENV"
kind load docker-image ghcr.io/nginxinc/nginx-gateway-fabric:${{ steps.ngf-meta.outputs.version }} ghcr.io/nginxinc/nginx-gateway-fabric/nginx:${{ steps.nginx-meta.outputs.version }}
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml

- name: Install Chart
run: >
Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ TELEMETRY_REPORT_PERIOD = 24h
TELEMETRY_ENDPOINT=# if empty, NGF will report telemetry in its logs at debug level.
TELEMETRY_ENDPOINT_INSECURE = false

GW_API_VERSION = 1.0.0
GW_API_VERSION = 1.1.0
ENABLE_EXPERIMENTAL = false
NODE_VERSION = $(shell cat .nvmrc)

Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ The following table lists the software versions NGINX Gateway Fabric supports.

| NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus |
| -------------------- | ----------- | ---------- | --------- | ---------- |
| Edge | 1.0.0 | 1.25+ | 1.25.5 | R31 |
| Edge | 1.1.0 | 1.25+ | 1.25.5 | R31 |
| 1.2.0 | 1.0.0 | 1.23+ | 1.25.4 | R31 |
| 1.1.0 | 1.0.0 | 1.23+ | 1.25.3 | n/a |
| 1.0.0 | 0.8.1 | 1.23+ | 1.25.2 | n/a |
Expand Down
12 changes: 6 additions & 6 deletions apis/v1alpha1/clientsettingspolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,6 @@ type ClientSettingsPolicyList struct {

// ClientSettingsPolicySpec defines the desired state of ClientSettingsPolicy.
type ClientSettingsPolicySpec struct {
// TargetRef identifies an API object to apply the policy to.
// Object must be in the same namespace as the policy.
//
// Support: Gateway, HTTPRoute
TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`

// Body defines the client request body settings.
//
// +optional
Expand All @@ -51,6 +45,12 @@ type ClientSettingsPolicySpec struct {
//
// +optional
KeepAlive *ClientKeepAlive `json:"keepAlive,omitempty"`

// TargetRef identifies an API object to apply the policy to.
// Object must be in the same namespace as the policy.
//
// Support: Gateway, HTTPRoute
TargetRef gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRef"`
}

// ClientBody contains the settings for the client request body.
Expand Down
12 changes: 6 additions & 6 deletions apis/v1alpha1/observabilitypolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,16 +37,16 @@ type ObservabilityPolicyList struct {

// ObservabilityPolicySpec defines the desired state of the ObservabilityPolicy.
type ObservabilityPolicySpec struct {
// TargetRef identifies an API object to apply the policy to.
// Object must be in the same namespace as the policy.
//
// Support: HTTPRoute
TargetRef gatewayv1alpha2.PolicyTargetReference `json:"targetRef"`

// Tracing allows for enabling and configuring tracing.
//
// +optional
Tracing *Tracing `json:"tracing,omitempty"`

// TargetRef identifies an API object to apply the policy to.
// Object must be in the same namespace as the policy.
//
// Support: HTTPRoute
TargetRef gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRef"`
}

// Tracing allows for enabling and configuring OpenTelemetry tracing.
Expand Down
4 changes: 2 additions & 2 deletions apis/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions charts/nginx-gateway-fabric/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ This chart deploys the NGINX Gateway Fabric in your Kubernetes cluster.
> [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/main/README.md#technical-specifications).

```shell
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
```

## Installing the Chart
Expand Down Expand Up @@ -128,7 +128,7 @@ Gateway Fabric - [see the Technical Specifications](../../README.md#technical-sp
To upgrade the Gateway CRDs from [the Gateway API repo](https://github.com/kubernetes-sigs/gateway-api), run:

```shell
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
```

### Upgrading the CRDs
Expand Down Expand Up @@ -238,7 +238,7 @@ These commands remove all the Kubernetes components associated with the release
To delete the Gateway API CRDs from [the Gateway API repo](https://github.com/kubernetes-sigs/gateway-api), run:

```shell
kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
kubectl delete -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.1.0/standard-install.yaml
```

## Configuration
Expand Down
4 changes: 2 additions & 2 deletions charts/nginx-gateway-fabric/templates/rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -90,9 +90,9 @@ rules:
- gateways
- httproutes
- referencegrants
- grpcroutes
{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }}
- backendtlspolicies
- grpcroutes
{{- end }}
verbs:
- list
Expand All @@ -103,9 +103,9 @@ rules:
- httproutes/status
- gateways/status
- gatewayclasses/status
- grpcroutes/status
{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }}
- backendtlspolicies/status
- grpcroutes/status
{{- end }}
verbs:
- update
Expand Down
2 changes: 1 addition & 1 deletion cmd/gateway/validation.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ import (

const (
// nolint:lll
// Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/apis/v1/shared_types.go#L640
// Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/apis/v1/shared_types.go#L647
controllerNameRegex = `^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` //nolint:lll
)

Expand Down
23 changes: 4 additions & 19 deletions config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -133,16 +133,6 @@ spec:
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the referent. When unspecified, the local
namespace is inferred. Even when policy targets a resource in a different
namespace, it MUST only apply to traffic originating from the same
namespace as the policy.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- group
- kind
Expand Down Expand Up @@ -257,7 +247,7 @@ spec:


* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, experimental, ClusterIP Services only)
* Service (Mesh conformance profile, ClusterIP Services only)


Support for other resources is Implementation-Specific.
Expand Down Expand Up @@ -343,9 +333,6 @@ spec:


Support: Extended


<gateway:experimental>
format: int32
maximum: 65535
minimum: 1
Expand All @@ -356,14 +343,12 @@ spec:
following resources, SectionName is interpreted as the following:


* Gateway: Listener Name. When both Port (experimental) and SectionName
* Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port Name. When both Port (experimental) and SectionName
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values. Note that attaching Routes to Services as Parents
is part of experimental Mesh support and is not supported for any other
purpose.
both specified values.


Implementations MAY choose to support attaching Routes to other resources.
Expand Down
23 changes: 4 additions & 19 deletions config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,16 +74,6 @@ spec:
maxLength: 253
minLength: 1
type: string
namespace:
description: |-
Namespace is the namespace of the referent. When unspecified, the local
namespace is inferred. Even when policy targets a resource in a different
namespace, it MUST only apply to traffic originating from the same
namespace as the policy.
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- group
- kind
Expand Down Expand Up @@ -273,7 +263,7 @@ spec:


* Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, experimental, ClusterIP Services only)
* Service (Mesh conformance profile, ClusterIP Services only)


Support for other resources is Implementation-Specific.
Expand Down Expand Up @@ -359,9 +349,6 @@ spec:


Support: Extended


<gateway:experimental>
format: int32
maximum: 65535
minimum: 1
Expand All @@ -372,14 +359,12 @@ spec:
following resources, SectionName is interpreted as the following:


* Gateway: Listener Name. When both Port (experimental) and SectionName
* Gateway: Listener name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values.
* Service: Port Name. When both Port (experimental) and SectionName
* Service: Port name. When both Port (experimental) and SectionName
are specified, the name and port of the selected listener must match
both specified values. Note that attaching Routes to Services as Parents
is part of experimental Mesh support and is not supported for any other
purpose.
both specified values.


Implementations MAY choose to support attaching Routes to other resources.
Expand Down
18 changes: 10 additions & 8 deletions conformance/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ VERSION = 1.2.0 # NGF version
PREFIX = nginx-gateway-fabric
NGINX_PREFIX = $(PREFIX)/nginx
NGINX_PLUS_PREFIX ?= $(PREFIX)/nginx-plus
GW_API_VERSION ?= 1.0.0
GW_API_VERSION ?= 1.1.0
GATEWAY_CLASS = nginx
SUPPORTED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,HTTPRouteResponseHeaderModification
SUPPORTED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,HTTPRouteResponseHeaderModification,GRPCExactMethodMatching,GRPCRouteListenerHostnameMatching,GRPCRouteHeaderMatching
KIND_IMAGE ?= $(shell grep -m1 'FROM kindest/node' <tests/Dockerfile | awk -F'[ ]' '{print $$2}')
KIND_KUBE_CONFIG=$${HOME}/.kube/kind/config
CONFORMANCE_TAG = latest
Expand All @@ -16,10 +16,6 @@ PROVISIONER_MANIFEST=provisioner/provisioner.yaml
ENABLE_EXPERIMENTAL ?= false
.DEFAULT_GOAL := help

ifeq ($(ENABLE_EXPERIMENTAL),true)
SUPPORTED_FEATURES +=,GRPCExactMethodMatching,GRPCRouteListenerHostnameMatching,GRPCRouteHeaderMatching
endif

.PHONY: help
help: Makefile ## Display this help
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "; printf "Usage:\n\n make \033[36m<target>\033[0m\n\nTargets:\n\n"}; {printf " \033[36m%-30s\033[0m %s\n", $$1, $$2}'
Expand Down Expand Up @@ -108,8 +104,14 @@ run-conformance-tests: ## Run conformance tests
bash scripts/check-pod-exit-code.sh
sed -e '1,/CONFORMANCE PROFILE/d' output.txt > conformance-profile.yaml
rm output.txt
[ $(shell cat conformance-profile.yaml | yq '.profiles[0].core.result') != "failure" ] \
&& [ $(shell cat conformance-profile.yaml | yq '.profiles[0].extended.result') != "failure" ] || exit 2
grpc_core_result=`yq '.profiles[0].core.result' conformance-profile.yaml`; \
http_core_result=`yq '.profiles[1].core.result' conformance-profile.yaml`; \
http_extended_result=`yq '.profiles[1].extended.result' conformance-profile.yaml`; \
if [ "$$grpc_core_result" != "failure" ] && [ "$$http_core_result" != "failure" ] && [ "$$http_extended_result" != "failure" ] ; then \
exit 0; \
else \
exit 2; \
fi

.PHONY: cleanup-conformance-tests
cleanup-conformance-tests: ## Clean up conformance tests fixtures
Expand Down
2 changes: 1 addition & 1 deletion conformance/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ update-ngf-manifest Update the NGF deployment manifest image na
| CONFORMANCE_PREFIX | conformance-test-runner | The prefix for the conformance test image |
| TAG | edge | The tag for the locally built NGF image |
| PREFIX | nginx-gateway-fabric | The prefix for the locally built NGF image |
| GW_API_VERSION | 1.0.0 | Tag for the Gateway API version to check out. Set to `main` to get the latest version |
| GW_API_VERSION | 1.1.0 | Tag for the Gateway API version to check out. Set to `main` to get the latest version |
| KIND_IMAGE | Latest kind image, as defined in the tests/Dockerfile | The kind image to use |
| KIND_KUBE_CONFIG | ~/.kube/kind/config | The location of the kubeconfig |
| GATEWAY_CLASS | nginx | The gateway class that should be used for the tests |
Expand Down
18 changes: 18 additions & 0 deletions conformance/tests/conformance-rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ rules:
- apiGroups:
- ""
resources:
- configmaps
- namespaces
- pods
- secrets
Expand All @@ -35,6 +36,7 @@ rules:
resources:
- gateways
- httproutes
- grpcroutes
- referencegrants
- gatewayclasses
verbs:
Expand All @@ -43,6 +45,22 @@ rules:
- get
- list
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- create
- delete
- get
- list
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
Expand Down
Loading
Loading